|
The One Million Rules per
Second Script Language
ALEV is a modern, extremely easy to use, extensible,
super-fast (1) scripting language that is embedded in
the Tango/04 SmartConsole and other products.
You probably know already how
to use it, as it has a pseudocode-like syntax (as Pascal
has). It is very easy to understand and maintain ALEV
scripts.
The only BSM-oriented Script Language
ALEV was designed by Tango/04 to work hand in hand with
the SmartConsole with event transformation, handling
and correlation in mind. Thus, it is a perfect fit for
Security Event Management and Business Service Management.
It has lots of event manipulation functions,
direct access to any event variables, pattern-matching
string extraction from event texts, inter-script global
variable access, persistence, the ability to check and
change the health of any component or application, the
ability to alter the Business Value (real cost impact
of an event), etc. And everything at lightning speed.
State of the Art Development Tools
ALEV has outstanding development tools to make your
job easier. It has a complete development and debugging
environment for Rapid Application Development (RAD).
It sports online help, color-coding, syntax auto-completion
and automated checking, GUI function templates, and
a comprehensive interactive debugger.
Full-featured On-Demand Debugger
You can debug test scripts in a controlled development
environment, or start debugging any script that is in
Production whenever you want, so you can jump directly
into the exact context of the problem when it appears,
enormously reducing your debugging efforts.
Figure 1 - On demand debugger, a real
timesaver. Just click on the "Debug Expression"
checkmark on any ALEV script and an advanced debugger
(with watch lists, bookmarks, tooltips, animation, step-by-step,
run to cursor, and more) will help you fix any script
glitch… even for scripts in Production mode.
Figure 2 - Several assistants will help
you write perfect ALEV Scripts. Just press Ctrl+Space
to get automated completion of functions, procedures,
and variable names. Click on "Debug Expression"
to invoke the On-Demand Debugger. Or use the Wizards
to simplify entering complex pattern matching functions.
Ultra-fast Speed for Maximum
Scalability
Besides being multithreaded, memory-efficient, and automatically
pre-compiled, ALEV has another great advantage: Optimized
Variable Evaluation (OVE). Usually, embedded scripting
works by initializing all the variables and then leaving
it up to the application to discover which ones have
been modified. ALEV is smarter. ALEV will not initialize
or do anything with any variable unless it is going
to be actually used in the script. And after executing,
ALEV marks the modified variables so it is easy for
the SmartConsole to handle only the ones that have changed.
As events frequently contain more than 100 variables
(and only a few are referenced in the script), the execution
time savings are outstanding. And it does everything
automatically.
Persistent Variables for Maximum Resiliency
The SmartConsole is a highly-available product. If something
goes wrong (such as an unexpected Windows shutdown)
it automatically switches over a secondary, cluster-installed
console, restoring its status at the point of a failure.
But what happens to the custom scripts? Normally, all
variables would lose their values. To prevent this,
ALEV makes it easy to define a variable as "persistent".
Values at moment of the switchover are automatically
preserved, with zero extra programming effort.
Figure 3 - Just click on the "Persistent"
checkmark and don't worry about an unexpected shutdown
- the latest variable value will be automatically retrieved
from disk.
This feature is excellent for complex
event correlation, scenario setting, or simply to keep
counters with accurate results. In any other scripting
language, you would have to take care of this yourself,
programmatically. ALEV saves you time.
Associative Arrays, Sets, Calendars,
and more
ALEV supports integer, real, dates, strings, date arithmetic,
set, set arithmetic, arrays, multidimensional arrays,
associative arrays, regular expressions, etc., for maximum
flexibility. The variant type is supported, so you don't
need to specify the type of a variable beforehand. Calendars
are also supported, and it takes only a function to
know if a date is within Calendar object bands (isDateInCalendar).
Sets are also easy to use, as it takes only an operator
to know whether an element is in the set or not (if
Element in Set then/else).
Complex Automation Made Easy
You can do a lot of complex automation on the SmartConsole
without writing a single ALEV line of code. But when
you really need the power of a scripting language, ALEV
will let you do practically anything. Examples of automation
are: disabling users across multiple Windows domains,
changing roles for users across different platforms,
creating random passwords and sending them through encrypted
email, modifying system attributes in remote systems,
holding a Windows CPU-abusive process, and more.
Extensible
If ALEV is not enough for your needs, you can extend
it. You can define new ALEV functions using any language
you can program a DLL on. You can call external programs
right from ALEV. So you don't have to be afraid about
your future needs, as you can rest assured that you'll
be able to achieve your monitoring goals.
Field-Tested for More than 7 Years
ALEV was created in 2001. It has been improved and optimized
a lot since then, and several new functions are regularly
added. Designed as a multiplatform language, it has
been ported to Linux/Unix and IBM System i (OS/400 and
i5/OS). And it has fans all over the world, as it is
a robust workhorse that can process millions of events
per day.
The Ace Up Your Sleeve
Clean, structured, fast , robust, BSM-oriented, ALEV
is perfect for event manipulation, data enrichment,
complex event correlation, advanced automation, and
more. It is one of the "secrets" of the SmartConsole
to perform so well in the demanding monitoring situations
of the real world.
|
Python fan?
ALEV is at the heart of the SmartConsole (the
event correlation point), but you can still write
Python scripts at the ThinkServer (the data collection
point) for maximum flexibility. In fact, you can
write the full data collection script in Python,
creating new agents, and calling any Python-callable
language (including C, C++, C#, JavaScript, Java,
VisualBasic Script, Delphi, and more) whenever
you want.
Tango/04 offers you the
ultimate flexibility, robustness and convenience:
an open, standard scripting language with tons
of library functions at the data collection point
and a special purpose, BSM-oriented, extremely
resilient, ultra-fast embedded language at the
event correlation point.
|
(1) It handles 1.022.494 (Intel Core 2
Duo 6400 at 2.1 GHz, Windows Vista SP1, with 2 GB of
RAM) basic rules per processor core (which means that
a modern dual core machine can easily achieve about
two million rules per second). In older hardware, it
handles almost a million (984.736) rules per second
in a Pentium D 830 running at 3GHz, and it can process
more than 700,000 rules per second in a Pentium III
CPU running at 666 MHz. These are laboratory test with
only one rule containing one ALEV arithmetical-logical
expression, in a pure ALEV environment, as a measure
of ALEV raw rule processing speed. Actual results may
vary.
|
